diff options
| author | Richard Mudgett <rmudgett@digium.com> | 2015-07-15 15:40:32 -0500 |
|---|---|---|
| committer | Richard Mudgett <rmudgett@digium.com> | 2015-07-16 12:27:01 -0500 |
| commit | b34c4528abfff6759fe184adc6360a0e22705e2c (patch) | |
| tree | 010aa9acce32dc6dd0bdc6a2198f256959fa45fb /include | |
| parent | 605c5d23a82fbde2f54aa4c9b62b16ed488abb64 (diff) | |
strings.h: Fix issues with escape string functions.
Fixes for issues with the ASTERISK-24934 patch.
* Fixed ast_escape_alloc() and ast_escape_c_alloc() if the s parameter is
an empty string. If it were an empty string the functions returned NULL
as if there were a memory allocation failure. This failure caused the AMI
VarSet event to not get posted if the new value was an empty string.
* Fixed dest buffer overwrite potential in ast_escape() and
ast_escape_c(). If the dest buffer size is smaller than the space needed
by the escaped s parameter string then the dest buffer would be written
beyond the end by the nul string terminator. The num parameter was really
the dest buffer size parameter so I renamed it to size.
* Made nul terminate the dest buffer if the source string parameter s was
an empty string in ast_escape() and ast_escape_c().
* Updated ast_escape() and ast_escape_c() doxygen function description
comments to reflect reality.
* Added some more unit test cases to /main/strings/escape to cover the
empty source string issues.
ASTERISK-25255 #close
Reported by: Richard Mudgett
Change-Id: Id77fc704600ebcce81615c1200296f74de254104
Diffstat (limited to 'include')
| -rw-r--r-- | include/asterisk/strings.h | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/include/asterisk/strings.h b/include/asterisk/strings.h index d361293d0..af5ae6c55 100644 --- a/include/asterisk/strings.h +++ b/include/asterisk/strings.h @@ -312,32 +312,33 @@ char *ast_unescape_c(char *s); /*! * \brief Escape the 'to_escape' characters in the given string. * - * \note The given output buffer has to have enough memory allocated to store the - * original string plus any escaped values. + * \note The given output buffer will contain a truncated escaped + * version of the source string if the given buffer is not large + * enough. * * \param dest the escaped string * \param s the source string to escape - * \param num number of characters to be copied from the source + * \param size The size of the destination buffer * \param to_escape an array of characters to escape * * \return Pointer to the destination. */ -char* ast_escape(char *dest, const char *s, size_t num, const char *to_escape); +char *ast_escape(char *dest, const char *s, size_t size, const char *to_escape); /*! * \brief Escape standard 'C' sequences in the given string. * - * \note The given output buffer has to have enough memory allocated to store the - * original string plus any escaped values. + * \note The given output buffer will contain a truncated escaped + * version of the source string if the given buffer is not large + * enough. * * \param dest the escaped string * \param s the source string to escape - * \param num number of characters to be copied from the source - * \param to_escape an array of characters to escape + * \param size The size of the destination buffer * * \return Pointer to the escaped string. */ -char* ast_escape_c(char *dest, const char *s, size_t num); +char *ast_escape_c(char *dest, const char *s, size_t size); /*! * \brief Escape the 'to_escape' characters in the given string. |